﻿<?xml version="1.0" encoding="utf-8"?>
<topic id="d021aa39-4cbf-4450-a3c1-d5573ca7ce8c" revisionNumber="6">
  <developerHowToDocument xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5" xmlns:xlink="http://www.w3.org/1999/xlink">
    <title>How to: Configure the ASP.NET Roles Service with Windows Communication Framework</title>
  <introduction>
    <para>This topic shows how to configure the ASP.NET Roles service as a Windows Communication Framework (WCF) service on a Web server running Internet Information Services (IIS). You should always use Roles Service with Secure Sockets Layer (SSL) when the role name could be used by a malicious user to expose sensitive data or the role name is stored in a persistent cookie.</para>
    <alert class="note">
      <para>If your Web server is not already set up for SSL, obtain and install a server certificate. For information on setting up SSL, see How to: Set Up SSL on a Web Server.</para>
    </alert>
  </introduction>
  <procedure>
    <title>To set up the ASP.NET Roles service</title>
    <steps class="ordered">
      <step>
        <content>
          <para>If you do not already have an ASP.NET Web application, create one.</para>
        </content>
      </step>
      <step>
        <content>
          <para>Configure the ASP.NET Login service for authenticating users.</para>
          <para>For information on setting up the ASP.NET Login service, see <link xlink:href="f7913259-762e-4a73-a771-ac9e42903f44">How to: Setup Login Service</link>.</para>
        </content>
      </step>
      <step>
        <content>
          <para>Add a service file (.svc) to your Web site that contains a directive referencing the <codeEntityReference autoUpgrade="true">T:System.Web.Security.RolesService</codeEntityReference> class, as in the following example.</para>
          <code language="c#">&lt;% @ServiceHost Language="C#" Service="System.Web.Security.RolesService" %&gt;

&lt;% @ServiceHost Language="VB" Service="System.Web.Security.RolesService" %&gt;</code>
        </content>
      </step>
      <step>
        <content>
          <para>In the Web.config file, add or modify the <languageKeyword>&lt;system.serviceModel&gt;</languageKeyword> element to define the service and its endpoint contract. For more information about WCF endpoints, see Endpoints in WCF.</para>
          <para>The following example shows the <languageKeyword>&lt;system.serviceModel&gt;</languageKeyword> element of a Web.config file with an endpoint contract configured for the ASP.NET Roles service. </para>
          <code>&lt;system.serviceModel&gt;
    &lt;services&gt;
        &lt;service name="System.Web.Security.RolesService"
        behaviorConfiguration="MyServiceTypeBehaviors"&gt;
            &lt;endpoint contract=
                "System.Web.Security.RolesService"
                binding="basicHttpBinding"/&gt;
        &lt;/service&gt;
    &lt;/services&gt;
    &lt;behaviors&gt;
        &lt;serviceBehaviors&gt;
          &lt;behavior name="MyServiceTypeBehaviors"&gt;
            &lt;serviceMetadata httpGetEnabled="true"/&gt;
          &lt;/behavior&gt;
        &lt;/serviceBehaviors&gt;
    &lt;/behaviors&gt;
&lt;/system.serviceModel&gt;</code>
        </content>
      </step>
      <step>
        <content>
          <para>In the Web.config file, enable ASP.NET compatibility in the WCF hosting environment. For more information on hosting WCF services, see WCF Services and ASP.NET.</para>
          <para>The following example shows the <languageKeyword>&lt;serviceHostingEnvironment&gt;</languageKeyword> element set to ASP.NET compatibility. </para>
          <code>&lt;system.serviceModel&gt;
    &lt;services&gt;
        &lt;service name="System.Web.Security.RolesService"
        behaviorConfiguration="MyServiceTypeBehaviors"&gt;
            &lt;endpoint contract=
                "System.Web.Security.RolesService"
                binding="basicHttpBinding"/&gt;
        &lt;/service&gt;
    &lt;/services&gt;
    &lt;behaviors&gt;
        &lt;serviceBehaviors&gt;
          &lt;behavior name="MyServiceTypeBehaviors"&gt;
            &lt;serviceMetadata httpGetEnabled="true"/&gt;
          &lt;/behavior&gt;
        &lt;/serviceBehaviors&gt;
    &lt;/behaviors&gt;
    <codeFeaturedElement>&lt;serviceHostingEnvironment</codeFeaturedElement>
<codeFeaturedElement>    aspNetCompatibilityEnabled="true"/&gt;</codeFeaturedElement>
&lt;/system.serviceModel&gt;</code>
        </content>
      </step>
      <step>
        <content>
          <para>Create a binding that requires SSL, and set the endpoint contract to use that binding. </para>
          <para>When you set the contract to use transport security, the service can only be accessed over HTTPS. For more information on transport security in WCF, see Transport Security.</para>
          <para>The following example shows the <languageKeyword>&lt;bindings&gt;</languageKeyword> element, configured for transport security. The endpoint contract is set to use the secure binding through the <languageKeyword>bindingConfiguration</languageKeyword> property.</para>
          <code>&lt;system.serviceModel&gt;
    &lt;services&gt;
        &lt;service name="System.Web.Security.RolesService"
        behaviorConfiguration="MyServiceTypeBehaviors"&gt;
            &lt;endpoint contract=
                "System.Web.Security.RolesService"
                binding="basicHttpBinding"
                <codeFeaturedElement>bindingConfiguration="userHttps"</codeFeaturedElement> /&gt;
        &lt;/service&gt;
    &lt;/services&gt;
    <codeFeaturedElement>&lt;bindings&gt;</codeFeaturedElement>
<codeFeaturedElement>        &lt;basicHttpBinding&gt;</codeFeaturedElement>
<codeFeaturedElement>            &lt;binding name="userHttps"&gt;</codeFeaturedElement>
<codeFeaturedElement>                &lt;security mode="Transport" /&gt;</codeFeaturedElement>
<codeFeaturedElement>            &lt;/binding&gt;</codeFeaturedElement>
<codeFeaturedElement>        &lt;/basicHttpBinding&gt;</codeFeaturedElement>
<codeFeaturedElement>    &lt;/bindings&gt;</codeFeaturedElement>
    &lt;behaviors&gt;
        &lt;serviceBehaviors&gt;
          &lt;behavior name="MyServiceTypeBehaviors"&gt;
            &lt;serviceMetadata httpGetEnabled="true"/&gt;
          &lt;/behavior&gt;
        &lt;/serviceBehaviors&gt;
    &lt;/behaviors&gt;
    &lt;serviceHostingEnvironment
    aspNetCompatibilityEnabled="true"/&gt;
&lt;/system.serviceModel&gt;</code>
        </content>
      </step>
    </steps>
  </procedure>
  <section>
    <title>Caching and Encrypting Roles in a Cookie</title>
    <content>
      <para>You can store role information in an encrypted cookie on the user's computer. On each page request, ASP.NET reads the cookie and populates the role information for that user from the cookie. This strategy minimizes the need to read role information from the database. If you cache the user's roles in a cookie, configure the role manager to encrypt and validate the cookie by setting the <codeInline>cookieProtection</codeInline> attribute to <languageKeyword>All</languageKeyword>. In addition, set the <codeInline>cookieSlidingExpiration</codeInline> attribute to <languageKeyword>false</languageKeyword> to limit the cookie's valid duration.</para>
      <procedure>
        <title>To encrypt authorization cookies</title>
        <steps class="bullet">
          <step>
            <content>
              <para>In the Web.config file, set the cookieProtection attribute of the <languageKeyword>&lt;roleManager&gt;</languageKeyword> element to <languageKeyword>All</languageKeyword>, the cacheRolesInCookie to <languageKeyword>true</languageKeyword> and the cookieSlidingExpiration element to <languageKeyword>false</languageKeyword>.</para>
              <code>&lt;roleManager 
    cacheRolesInCookie="true" 
    cookieName=".SVCRoleCookie" 
    cookieProtection="All" 
    cookieSlidingExpiration="false" 
    cookiePath="/"&gt;
&lt;/roleManager&gt;</code>
            </content>
          </step>
        </steps>
      </procedure>
    </content>
  </section>
  <codeExample>
    <description>
      <content>
        <para>The following code example shows the complete web configuration file for setting up Roles Service and Login Service to be used over SSL.</para>
      </content>
    </description>
    <codeReference>System.Web.Security.RolesService_Setup#1</codeReference>
  </codeExample>
  <security>
    <content>
      <para>Always use the Roles service together with SSL to protect sensitive data.</para>
    </content>
  </security>
  <relatedTopics>
  </relatedTopics>
</developerHowToDocument>
</topic>